======================================================
WARNING: possible circular locking dependency detected
4.14.171-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.4/7323 is trying to acquire lock:
 (&table[i].mutex){+.+.}, at: [<ffffffff853f0884>] nfnl_lock+0x24/0x30 net/netfilter/nfnetlink.c:61

but task is already holding lock:
 (&xt[i].mutex){+.+.}, at: [<ffffffff854c922c>] xt_find_table_lock+0x3c/0x3d0 net/netfilter/x_tables.c:1092

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&xt[i].mutex){+.+.}:
       lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xe8/0x1470 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       xt_find_revision+0x82/0x200 net/netfilter/x_tables.c:373
       nfnl_compat_get+0x229/0x950 net/netfilter/nft_compat.c:678
       nfnetlink_rcv_msg+0xa08/0xc00 net/netfilter/nfnetlink.c:214
       netlink_rcv_skb+0x14f/0x3c0 net/netlink/af_netlink.c:2432
       nfnetlink_rcv+0x1ab/0x1650 net/netfilter/nfnetlink.c:515
       netlink_unicast_kernel net/netlink/af_netlink.c:1286 [inline]
       netlink_unicast+0x44d/0x650 net/netlink/af_netlink.c:1312
       netlink_sendmsg+0x7c4/0xc60 net/netlink/af_netlink.c:1877
       sock_sendmsg_nosec net/socket.c:646 [inline]
       sock_sendmsg+0xce/0x110 net/socket.c:656
       ___sys_sendmsg+0x70a/0x840 net/socket.c:2062
       __sys_sendmsg+0xb9/0x140 net/socket.c:2096
       SYSC_sendmsg net/socket.c:2107 [inline]
       SyS_sendmsg+0x2d/0x50 net/socket.c:2103
       do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x42/0xb7

-> #0 (&table[i].mutex){+.+.}:
       check_prev_add kernel/locking/lockdep.c:1901 [inline]
       check_prevs_add kernel/locking/lockdep.c:2018 [inline]
       validate_chain kernel/locking/lockdep.c:2460 [inline]
       __lock_acquire+0x2cb3/0x4620 kernel/locking/lockdep.c:3487
       lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xe8/0x1470 kernel/locking/mutex.c:893
       mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
       nfnl_lock+0x24/0x30 net/netfilter/nfnetlink.c:61
       ip_set_nfnl_put+0x120/0x320 net/netfilter/ipset/ip_set_core.c:730
       set_match_v1_destroy+0x7c/0xb0 net/netfilter/xt_set.c:158
       cleanup_match+0xc2/0x140 net/ipv6/netfilter/ip6_tables.c:491
       cleanup_entry+0xbf/0x230 net/ipv4/netfilter/ip_tables.c:658
       __do_replace+0x3c5/0x5b0 net/ipv4/netfilter/ip_tables.c:1086
       do_replace net/ipv4/netfilter/ip_tables.c:1142 [inline]
       do_ipt_set_ctl+0x296/0x3ee net/ipv4/netfilter/ip_tables.c:1674
       nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
       nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
       ip_setsockopt net/ipv4/ip_sockglue.c:1255 [inline]
       ip_setsockopt+0x9b/0xb0 net/ipv4/ip_sockglue.c:1240
       tcp_setsockopt net/ipv4/tcp.c:2826 [inline]
       tcp_setsockopt+0x84/0xd0 net/ipv4/tcp.c:2820
       sock_common_setsockopt+0x94/0xd0 net/core/sock.c:2968
       SYSC_setsockopt net/socket.c:1865 [inline]
       SyS_setsockopt+0x13c/0x210 net/socket.c:1844
       do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x42/0xb7

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&xt[i].mutex);
                               lock(&table[i].mutex);
                               lock(&xt[i].mutex);
  lock(&table[i].mutex);

 *** DEADLOCK ***

1 lock held by syz-executor.4/7323:
 #0:  (&xt[i].mutex){+.+.}, at: [<ffffffff854c922c>] xt_find_table_lock+0x3c/0x3d0 net/netfilter/x_tables.c:1092

stack backtrace:
CPU: 0 PID: 7323 Comm: syz-executor.4 Not tainted 4.14.171-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x142/0x197 lib/dump_stack.c:58
 print_circular_bug.isra.0.cold+0x1cc/0x28f kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1901 [inline]
 check_prevs_add kernel/locking/lockdep.c:2018 [inline]
 validate_chain kernel/locking/lockdep.c:2460 [inline]
 __lock_acquire+0x2cb3/0x4620 kernel/locking/lockdep.c:3487
 lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
 __mutex_lock_common kernel/locking/mutex.c:756 [inline]
 __mutex_lock+0xe8/0x1470 kernel/locking/mutex.c:893
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
 nfnl_lock+0x24/0x30 net/netfilter/nfnetlink.c:61
 ip_set_nfnl_put+0x120/0x320 net/netfilter/ipset/ip_set_core.c:730
 set_match_v1_destroy+0x7c/0xb0 net/netfilter/xt_set.c:158
 cleanup_match+0xc2/0x140 net/ipv6/netfilter/ip6_tables.c:491
 cleanup_entry+0xbf/0x230 net/ipv4/netfilter/ip_tables.c:658
 __do_replace+0x3c5/0x5b0 net/ipv4/netfilter/ip_tables.c:1086
 do_replace net/ipv4/netfilter/ip_tables.c:1142 [inline]
 do_ipt_set_ctl+0x296/0x3ee net/ipv4/netfilter/ip_tables.c:1674
 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
 nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
 ip_setsockopt net/ipv4/ip_sockglue.c:1255 [inline]
 ip_setsockopt+0x9b/0xb0 net/ipv4/ip_sockglue.c:1240
 tcp_setsockopt net/ipv4/tcp.c:2826 [inline]
 tcp_setsockopt+0x84/0xd0 net/ipv4/tcp.c:2820
 sock_common_setsockopt+0x94/0xd0 net/core/sock.c:2968
 SYSC_setsockopt net/socket.c:1865 [inline]
 SyS_setsockopt+0x13c/0x210 net/socket.c:1844
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45ef5a
RSP: 002b:00007ffd59354358 EFLAGS: 00000202 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007ffd59354380 RCX: 000000000045ef5a
RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 000000000071fe80 R08: 00000000000002d8 R09: 0000000000004000
R10: 000000000071dd20 R11: 0000000000000202 R12: 0000000000000003
R13: 0000000000000000 R14: 0000000000000000 R15: 000000000071dcc0
x_tables: ip_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING
Unknown ioctl 35296
kvm [1582]: vcpu0, guest rIP: 0x108 Hyper-V uhandled wrmsr: 0x4000006b data 0x0
kvm [1582]: vcpu0, guest rIP: 0x108 Hyper-V uhandled wrmsr: 0x40000077 data 0x0
kvm [1582]: vcpu0, guest rIP: 0x108 Hyper-V uhandled wrmsr: 0x4000007d data 0x0
kvm [1582]: vcpu0, guest rIP: 0x108 Hyper-V uhandled wrmsr: 0x40000006 data 0x0
kvm [1582]: vcpu0, guest rIP: 0x108 Hyper-V uhandled wrmsr: 0x40000089 data 0x0
kvm [1582]: vcpu0, guest rIP: 0x108 Hyper-V uhandled wrmsr: 0x4000000c data 0x0
kvm [1582]: vcpu0, guest rIP: 0x108 Hyper-V uhandled wrmsr: 0x4000008f data 0x0
kvm [1582]: vcpu0, guest rIP: 0x108 Hyper-V uhandled wrmsr: 0x40000012 data 0x0
kvm [1582]: vcpu0, guest rIP: 0x108 Hyper-V uhandled wrmsr: 0x40000018 data 0x0
kvm [1582]: vcpu0, guest rIP: 0x108 Hyper-V uhandled wrmsr: 0x4000001e data 0x0
kvm [1582]: vcpu0, guest rIP: 0x108 Hyper-V uhandled wrmsr: 0x40000020 data 0x0
kvm [1631]: vcpu0, guest rIP: 0x108 Hyper-V uhandled wrmsr: 0x40000020 data 0x0